ansible-vault

I am trying to setup clean/smudge filter in git to have automatic encrypting and decrypting of files containing secrets thru ansible-vault command. Peculiarity of the ansible-vault command is that it is not idempotent (it creates a different binary each time it is invoked on the same data). I started with the implementation suggested in this blog page . Unfortunately it did not work correctly, as whenever smudge is called (be it a git checkout , or just git status), the secret files looks as modified for git, even if it is not. So I wondered if git would be comparing the binary he has in the

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when i run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what iam doing wrong? I execute via: ansible-playbook -i inventories/inv/hosts playbooks/inv/invTest.yml --check --ask-vault Here is my structure: . ├── inventories │ ├── inv │ │ ├── group_vars │ │ │ ├── var.yml │ │ │ └── vault.yml │ │ └── hosts │ └── staging │ ├── group_vars │ │ ├── var.yml │ │ └── vault.yml │ └── hosts ├── playbooks │ ├── staging │ │ └── stagingTest.yml │ └── inv │ ├── invTest.retry

I'd like to see the actual git commit changes in the ansible vault file. Is there an easy way how to achieve this? You can do this very neatly, so that the normal git tools like git log and git diff can see inside the vaulted files, using a custom git diff driver and .gitattributes . Make sure that your vault password is in .vault_password and that that file is not committed - you should also add it to .gitignore . Add a .gitattributes file that matches any files in your repository that are encrypted with ansible-vault and give them the attribute diff=ansible-vault . For example, I have: env